EP2103091B1 - Ip address distribution in middleboxes - Google Patents

Publication number
EP2103091B1
EP2103091B1 EP06819944.7A EP06819944A EP2103091B1 EP 2103091 B1 EP2103091 B1 EP 2103091B1 EP 06819944 A EP06819944 A EP 06819944A EP 2103091 B1 EP2103091 B1 EP 2103091B1
Authority
EP
European Patent Office
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP06819944.7A
Other languages
German (de)
French (fr)
Other versions
EP2103091A1 (en)
Inventor
Jani Hautakorpi
Gonzalo Camarillo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Application filed by Telefonaktiebolaget LM Ericsson AB
Priority to PCT/EP2006/069579 (WO2008071227A1)
Publication of EP2103091A1
Application granted
Publication of EP2103091B1
Application status is Active

Classifications

    • H04L29/12009 Arrangements for addressing and naming in data networks
    • H04L12/2898 Subscriber equipments
    • H04L29/12301 Address allocation involving update or notification mechanisms, e.g. update of a Domain Name Server with Dynamic Host Configuration Protocol [DHCP] assigned addresses
    • H04L29/1233 Mapping of addresses of the same type; Address translation
    • H04L29/1282 Proxying of addresses
    • H04L61/2015 Address allocation internet protocol [IP] addresses using the dynamic host configuration protocol [DHCP] or variants
    • H04L61/2076 Address allocation involving update or notification mechanisms, e.g. update of a domain name server with dynamic host configuration protocol [DHCP] assigned addresses
    • H04L61/25 Network arrangements or network protocols for addressing or naming mapping of addresses of the same type; address translation
    • H04L61/6013 Proxying of addresses
    • H04L61/1511 Directories; Name-to-address mapping involving standard directories or standard directory access protocols using domain name system [DNS]

Description

    Field of the Invention
  • The present invention relates to the operation of a middlebox in an Internet Protocol (IP) network. In particular, the invention relates to a middlebox providing an interface between IP networks where an entity within one network is responsible for allocating IP addresses to entities within the other network.
    Background to the Invention
  • A middlebox is a device which receives IP traffic from one entity and passes it to another. A general representation of the function of a middlebox is provided in Figure 1. There are three entities shown in Figure 1: a middlebox 11, internal node 12 and external node 13. The internal node 12 is a node that is closer to the edge of the network than the middlebox, and the external node 13 refers to a node that is outside the influence of the middlebox. Typically there will be more than one internal and external node.
  • Middleboxes generally operate in one of three different modes. The first mode is known as a "bridge" mode. In this mode the middlebox has no IP address or IP addresses of its own, and simply passes IP traffic from one interface to another on a link-layer.
  • The second mode is a "NAT" (Network Address Translation) mode, as described in [RFC2663]. In this mode the middlebox translates between the private addresses of internal nodes and the public addresses of external nodes, and vice versa. In NAT mode the middlebox has at least two IP addresses: a public IP on an external interface, and a private IP on an internal interface.
  • The third mode is a "router" mode. In this mode the middlebox typically has at least two public IP addresses, and routes traffic on the network layer. One example of a middlebox acting as a router is described in US 2005/0044265 .
  • Middleboxes can be used, for example, to provide an interconnection between a home or office network and an Internet Service Provider (ISP). Typically, such a middlebox translates between the protocols used in the home and those used over the connection to the ISP. A suitable arrangement is illustrated in Figure 2. The middlebox may, for example, be an Asynchronous Digital Subscriber Line (ADSL) modem.
  • It is desirable to be able to connect multiple computers to the ISP. One way of achieving this is to operate the middlebox in "NAT" mode. This enables translation between one or more public addresses allocated to the home user, and multiple local IP addresses. When operated in "NAT" mode the middlebox is also capable of providing IP address dependent services S#1, S#2, S#3, S#N, such as a Dynamic Host Configuration Protocol (DHCP) server [RFC2131], firewall and a Domain Name Service (DNS) server. However, this approach suffers from the problem that every computer in the home network, and indeed every Internet application (e.g. browser, Skype, etc.) requires its own NAT traversal code.
  • One solution to this problem is to provide each computer within the home network with its own IP address. The middlebox is then not required to translate between different addresses and may operate in "bridge" mode. The problem with this approach is that the computers in the network are vulnerable to an outside attack, and each must be provided with its own firewall. It is not possible to implement a firewall within the middlebox, since the middlebox, when acting as a bridge, does not have access to IP addresses, which are needed by a firewall to filter traffic. In addition, traffic between nodes within the home network is sent through the middlebox to the ISP before being routed back to the home network. This is extremely inefficient.
    Summary of the Invention
  • In accordance with one aspect of the present invention there is provided a method of operating a middlebox as a router providing an interface between first and second IP networks where an entity within said first network is responsible for allocating IP addresses to an entity or entities within said second network. The method comprises implementing an address distribution functionality for performing routing of IP traffic within and between said networks based on IP addresses and implementing at least one IP address dependent service other than routing. The at least one IP address dependent service includes a DNS server and DHCP server. The method also comprises maintaining a table in the address distribution functionality which maps public IP addresses of the entity or entities within the second network to link layer addresses of the entities within the second network, and dynamically informing the DNS server and DHCP server of addresses allocated to said entity or entities within the second network and of changes to these addresses.
  • Thus the middlebox operates in "router" mode. A router has access to the IP addresses, enabling the operation of IP address dependent services such as a firewall, DHCP server or DNS server. In some embodiments the middlebox may be an ADSL modem, Home IMS Gateway or Access Point for a WLAN.
  • Preferably the entity within the first network responsible for allocating IP addresses is an IP source of an ISP. The middlebox may obtain at least two IP addresses from the IP source, and assign them to external and internal interfaces of the middlebox. This step is preferably performed using an automated IP address distribution mechanism such as DHCP. The middlebox is preferably also responsible for obtaining IP addresses, on behalf of the entity or entities within the second network, from the IP source. These IP addresses are preferably obtained when said entity or entities boots up.
  • In one embodiment the link layer address of an external interface of the middlebox is modified in response to the addresses allocated to the entities in the second network.
  • A further entity within the first network may also perform routing of IP traffic within and between said networks based on IP addresses, and may dynamically inform the or each IP address dependent service of addresses allocated to said entity or entities and of changes to these addresses. This further entity may obtain IP addresses on behalf of the middlebox.
  • The invention also provides a middlebox adapted to carry out the methods described above.
    Brief Description of the Drawings
    • Figure 1 is a schematic representation of a middlebox for passing traffic between two or more nodes.
    • Figure 2 is a schematic representation of a middlebox providing an interconnection between a home network and an Internet Service Provider (ISP) so as to provide the home network with more than one public IP address.
    • Figure 3 illustrates a middlebox implementing Advanced IP Address Distribution in Middleboxes (AIPADIM).
    • Figure 4 illustrates an exemplary signalling flow for obtaining a public IP address for a home or office network.
    • Figure 5 illustrates the implementation of AIPADIM on a Home IP Multimedia Subsystem (IMS) Gateway (HIGA).
    • Figure 6 illustrates the implementation of AIPADIM by an ADSL modem and a Wireless Local Area Network (WLAN) Access Point (AP).
    Detailed Description of the Preferred Embodiment
  • As previously discussed, Figure 2 illustrates the use of a middlebox 21 as an interconnection between internal nodes 22 of a home or office network and an ISP 24 which allocates public IP addresses to computers of the home network. In one example, the middlebox is an ADSL modem, and acts as a gateway for the home or office network. Once the public IP addresses have been allocated the internal nodes 22 can communicate with external nodes 23.
  • Figure 3 illustrates the internal features of a middlebox 31, which could act as the middlebox 21 of Figure 2. The middlebox 31 is configured to operate in "router" mode, so as to route traffic on the network layer. The middlebox 31 includes an Advanced IP Address Distribution in Middleboxes (AIPADIM) functionality 32. The AIPADIM operates as follows:
  1. The AIPADIM component typically fetches two IP addresses from the IP source 24 of the ISP, and assigns them to the external 33 and internal 34 interfaces of the middlebox 31. This process is performed using an automated IP distribution mechanism such as DHCP.
  2. The AIPADIM fetches IP addresses from the ISP on behalf of the internal nodes 22. This may be achieved, for example, by the middlebox fetching an IP address or addresses from the IP-source 24 whenever an internal node 22 boots up.
  • In some environments, especially on multi-access links, "link-layer adaptation" 35 may be needed. Link-layer adaptation is a part of AIPADIM, and can act, for example, to do the following:
    • Modify the link-layer address of the middlebox's external interface. This is required because some automated IP address distribution mechanisms may check the link layer address of the sender. In such cases, the middlebox might have to 'forge' its link-layer address on some IP address queries
    • Run the middlebox's external interface in a promiscuous mode. This ensures that the interface reads all the traffic it receives, rather than just the traffic that is destined to its link-layer address. Thus, if IP address queries with 'forged' link-layer addresses are sent by the middlebox, it will only receive replies if it is run in promiscuous mode.
    • Maintain a table which maps the public IP addresses to link-layer addresses of internal nodes. This might include manipulation of the Address Resolution Protocol (ARP) table.
  • The middlebox 31 also provides IP address dependent services which may include, for example, a DHCP server 311, firewall 312, and DNS server 313. The AIPADIM function 32 keeps the IP address dependent services 311-314 informed of any changes in the IP address distribution.
  • Even though the routing itself is not seen as a service, a reactive "routing manipulation" service 36 is also provided. The routing manipulation functionality modifies the routing table of the middlebox so that the middlebox can make a decision on what interface an incoming packet should be forwarded to. The reactive nature of routing manipulation is particularly important in an environment where the ISP distributes dynamic IP addresses.
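The following Python model is an added illustration, not code from the patent. It shows the table that maps public IP addresses to link-layer addresses, and the reactive notification of a firewall, a DNS server and the routing table when the ISP changes an address. All class and method names are hypothetical, it assumes one public address per internal node, and the final consistency check on claimed IP/link-layer pairs goes slightly beyond what the text describes.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class Firewall:
    """Inbound allow rules that follow a node's current public IP address."""
    policy: dict                                # link-layer address -> allowed ports
    rules: dict = field(default_factory=dict)   # public IP -> allowed ports

    def on_bind(self, ip, mac):
        self.rules[ip] = set(self.policy.get(mac, ()))

    def on_release(self, ip, mac):
        # Remove the rule together with the address, so that a later holder
        # of the same public IP does not inherit the previous node's openings.
        self.rules.pop(ip, None)

    def permits(self, dst_ip, port):
        return port in self.rules.get(ip_address(dst_ip), ())


@dataclass
class DnsServer:
    """Name records for internal nodes, keyed by configured hostname."""
    names: dict                                 # link-layer address -> hostname
    records: dict = field(default_factory=dict)

    def on_bind(self, ip, mac):
        if mac in self.names:
            self.records[self.names[mac]] = ip

    def on_release(self, ip, mac):
        name = self.names.get(mac)
        if self.records.get(name) == ip:
            del self.records[name]


@dataclass
class RoutingTable:
    """Host routes: which interface a packet for a public IP is forwarded to."""
    routes: dict = field(default_factory=dict)

    def on_bind(self, ip, mac):
        self.routes[ip] = "internal"

    def on_release(self, ip, mac):
        self.routes.pop(ip, None)

    def interface_for(self, dst_ip):
        return self.routes.get(ip_address(dst_ip))


class AddressDistribution:
    """Holds the public-IP -> link-layer table and informs dependent services."""

    def __init__(self, services):
        self.table = {}
        self.services = list(services)

    def bind(self, ip, mac):
        ip, mac = ip_address(ip), mac.lower()
        if self.table.get(ip) == mac:
            return                      # plain renewal, nothing changed
        if ip in self.table:
            self.release(ip)            # address was reassigned to another node
        for old_ip, owner in list(self.table.items()):
            if owner == mac:
                self.release(old_ip)    # node received a different address
        self.table[ip] = mac
        for service in self.services:
            service.on_bind(ip, mac)

    def release(self, ip):
        ip = ip_address(ip)
        mac = self.table.pop(ip, None)
        if mac is not None:
            for service in self.services:
                service.on_release(ip, mac)

    def claim_is_consistent(self, ip, mac):
        """True only if the table assigns this IP to this link-layer address."""
        return self.table.get(ip_address(ip)) == mac.lower()


if __name__ == "__main__":
    # Constructed sample data: documentation-range IPs and made-up addresses.
    phone, laptop = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    fw = Firewall(policy={phone: {5060}})
    dns = DnsServer(names={phone: "sip-phone.home.example"})
    ad = AddressDistribution([fw, dns, RoutingTable()])
    ad.bind("198.51.100.10", phone)
    ad.bind("198.51.100.77", phone)     # ISP hands the phone a new address
    ad.bind("198.51.100.10", laptop)    # old address is reused for the laptop
    print(fw.rules, dns.records, ad.table)
```

Because every service is updated from the same table, an opening made for one node is withdrawn as soon as its address is released.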
  • Figure 4 illustrates a suitable coarse signalling flow which could be used to put the example above (where the middlebox is an ADSL modem) into practice. The figure clarifies the behaviour of AIPADIM in a scenario where the internal node 22 boots up. All the actions performed by the AIPADIM functionality are identified by the "AIPADIM" tag. Similar behaviour also applies to other AIPADIM embodiments.
  • In another example, the AIPADIM functionality may be used in a Home IP Multimedia Subsystem (IMS) Gateway (HIGA). IP Multimedia (IPMM) is a service that provides a dynamic combination of voice, video, messaging, data, etc., within the same session. The application of AIPADIM to HIGA is illustrated in Figure 5.
  • In this example, a middlebox 51, which is a HIGA, obtains IP addresses from an ISP (not shown) via an ADSL connection 53. The middlebox 51 distributes acquired IP addresses to internal nodes 52, which can be for example Session Initiation Protocol (SIP) [RFC3261] phones. The middlebox may also operate internal IP address dependent services, such as for example a SIP proxy. The AIPADIM functionality is used to keep such services informed of the IP address distribution.
  • In a further example the Access Point (AP) of a Wireless Local Area Network (WLAN), together with an ADSL modem, is provided with AIPADIM functionality. This example is illustrated in Figure 6.
  • Figure 6 shows a middlebox 61 which is also the AP of a WLAN. The WLAN is represented schematically by a single internal node 62 (e.g. a laptop) but it will be appreciated that many internal nodes are likely to be present. The middlebox is also connected to an ADSL modem 63. The middlebox 61 and ADSL modem 63 may both implement AIPADIM. Both entities may have a DHCP server which is assisted by an AIPADIM component. The ADSL modem obtains IP addresses from an ISP (not shown) by using DHCP, and distributes them to the middlebox. The middlebox then distributes the IP addresses to internal nodes.
  • In this example, the link between the ADSL modem and the middlebox uses Ethernet, which is a multi-access network. It is therefore likely that link-layer adaptation (as described with reference to Figure 3) will be required. Firewalls (or other IP address dependent services) could be implemented in the ADSL modem 63, or the middlebox 61, or both.
  • It will be appreciated that the AIPADIM functionality is useful for situations not covered by the three examples described above. Figure 2 illustrates a home or office network scenario, but is also useful in considering a more general setting. Referring to Figure 2, in general the following entities will be present:
    • IP source 24: An entity for distributing more than one IP address towards the middlebox, implementing AIPADIM. IP address distribution is done using an automated IP distribution mechanism.
    • Middlebox 21: An entity which routes IP packets, includes AIPADIM functionality, and hosts one or more IP address aware services. The middlebox 21 obtains IP addresses using the automated IP address distribution.
    • Internal node or nodes 22: Nodes that use the middlebox 21 to reach external nodes 23.
    • External node or nodes 23: Nodes that use the middlebox 21 to reach internal nodes 22.
  • The middlebox 21 acts as a router that also provides IP address aware services. In this context, an IP address aware service signifies any service that could benefit from the knowledge of the IP address distribution. The routing itself is not seen as a service in this context.
  • The AIPADIM concept is especially useful in situations where public IP addresses are dynamic, i.e. situations where the IP source distributes different IP addresses over time.
  • It will be appreciated that a "nested" case, where the IP-source is also an entity implementing AIPADIM, is within the realm of this invention. Furthermore, the invention can be used with both IPv4 (IP version 4) [RFC791] and IPv6 (IP version 6) [RFC2460]. A middlebox implementing AIPADIM has one or more public IP addresses on its own interface or interfaces.
  • AIPADIM, as described herein, enables the use of middleboxes in a router mode. It also makes it possible to include IP address dependent services in the middlebox itself. Integrated reactive routing manipulation and link-layer adaptation functionalities are enablers for AIPADIM itself.
  • AIPADIM almost completely nullifies the need to run middleboxes either in bridged or in NAT mode. By doing so, it also provides an alternative solution which does not have the same problems that are associated with bridged and NAT mode. Furthermore, the AIPADIM concept is especially well suited to environments where public IP addresses are dynamic.
    Claims (15)

    1. A method of operating a middlebox (31) as a router providing an interface between first and second IP networks where an entity (24) within said first network is responsible for allocating IP addresses to an entity or entities (22) within said second network, the method comprising:
      implementing an address distribution functionality (32) for performing routing of IP traffic within and between said networks based on IP addresses; and
      implementing at least one IP address dependent service (311, 312, 313) other than routing;
      characterised in that the at least one IP address dependent service includes a DNS server and a DHCP server;
      and in that the method further comprises;
      maintaining a table in the address distribution functionality which maps public IP addresses of the entity or entities within the second network to link layer addresses of the entities within the second network;
      dynamically informing the DNS server and DHCP server of addresses allocated to said entity or entities within the second network and of changes to these addresses.
    2. The method of claim 1, wherein the entity (24) within the first network responsible for allocating IP addresses is an IP address source of an ISP.
    3. The method of claim 1 or 2, further comprising obtaining one or more IP addresses from the entity (24) within the first network responsible for allocating IP addresses, and assigning them to external (33) and internal (34) interfaces of the middlebox (31).
    4. The method of claim 3, wherein the same IP address is assigned to the external (33) and internal (34) interfaces of the middlebox (31).
    5. The method of claim 3, wherein two or more IP addresses are obtained from the entity (24) within the first network responsible for allocating IP addresses and assigned to the external (33) and internal (34) interfaces of the middlebox (31).
    6. The method of claim 3, 4 or 5 wherein the step of obtaining the one or more IP addresses is performed using an automated IP address distribution mechanism (32).
    7. The method of claim 6, wherein the automated IP address distribution mechanism is DHCP.
    8. The method of any preceding claim, further comprising operating the middlebox (31) to obtain one or more IP addresses on behalf of the entity or entities (22) within the second network from the entity (24) within the first network responsible for allocating IP addresses.
    9. The method of claim 8, wherein the IP address or addresses for the entity or entities (22) within the second network are obtained when said entity or entities boots up.
    10. The method of any preceding claim, wherein the link layer address of an external interface (33) of the middlebox (31) is modified in response to the addresses allocated to the entities in the first and second networks.
    11. The method of any preceding claim, further comprising operating internal IP address dependent services for entities within the second network.
    12. The method of any preceding claim, wherein the middlebox comprises an ADSL modem, a Home IMS Gateway (51), or a WLAN Access Point (61).
    13. The method of any preceding claim, wherein a further entity within the first network also performs routing of IP traffic within and between said networks based on IP addresses and dynamically informs the or each IP address dependent service (311, 312, 313) of addresses allocated to said entity or entities and of changes to these addresses.
    14. The method of claim 13, wherein the further entity within the first network obtains IP addresses on behalf of the middlebox (31).
    15. A middlebox (31) adapted to carry out the method of any preceding claim.
    Priority Applications (1)

    Application Number Priority Date Filing Date Title
    PCT/EP2006/069579 WO2008071227A1 (en) 2006-12-12 2006-12-12 Ip address distribution in middleboxes

    Publications (2)

    Publication Number Publication Date
    EP2103091A1 (en) 2009-09-23
    EP2103091B1 (en) 2015-11-18

    Family

    ID=38515491

    Family Applications (1)

    Application Number Title Priority Date Filing Date
    EP06819944.7A Active EP2103091B1 (en) 2006-12-12 2006-12-12 Ip address distribution in middleboxes

    Country Status (4)

    Country Link
    US (1) US20100046530A1 (en)
    EP (1) EP2103091B1 (en)
    JP (1) JP4786747B2 (en)
    WO (1) WO2008071227A1 (en)

    Also Published As

    Publication number Publication date
    US20100046530A1 (en) 2010-02-25
    EP2103091A1 (en) 2009-09-23
    JP4786747B2 (en) 2011-10-05
    WO2008071227A1 (en) 2008-06-19
    JP2010512701A (en) 2010-04-22

    Similar Documents

    Publication Publication Date Title
    Senie RFC3235: Network Address Translator (NAT)-Friendly Application Design Guidelines
    US7302496B1 (en) Arrangement for discovering a localized IP address realm between two endpoints
    CN101795303B (en) Method and system for enabling connections into networks with local address realms
    US8942233B2 (en) Method and apparatus for performing network address translation
    EP1554860B1 (en) Intelligent network address translator and method for network address translation
    CN1198433C (en) Audio-video telephone with firewalls and network address translation
    US8095668B2 (en) Middlebox control
    US6822957B1 (en) Distributed network address translation for a network telephony system
    CN1781297B (en) Apparatus and methods for handling shared services through virtual route forwarding (VRF) -aware-NAT
    Ford et al. Issues with IP address sharing
    US7315543B2 (en) Apparatus and method for data communication on packet-switching network
    US7684394B1 (en) System and method for increasing host visibility in network address translation environments
    EP1303106B1 (en) Address translation method
    US7139828B2 (en) Accessing an entity inside a private network
    Thaler et al. Default address selection for internet protocol version 6 (IPv6)
    US8295285B2 (en) Method and apparatus for communication of data packets between local networks
    US20040240468A1 (en) Inter private newtwork communications between IPv4 hosts using IPv6
    CA2570843C (en) Arrangement for reaching ipv4 public network nodes by a node in an ipv4 private network via an ipv6 access network
    US7929533B2 (en) System for selecting a connectivity mechanism
    US6801528B2 (en) System and method for dynamic simultaneous connection to multiple service providers
    Bagnulo et al. Stateful NAT64: Network address and protocol translation from IPv6 clients to IPv4 servers
    US7106739B2 (en) Method enabling network address translation of incoming session initiation protocol connections based on dynamic host configuration protocol address assignments
    Wu et al. Transition from IPv4 to IPv6: A state-of-the-art survey
    US7609701B2 (en) Communication using private IP addresses of local networks
    US7467214B2 (en) Invoking protocol translation in a multicast network

    Legal Events

    Date Code Title Description
    AK Designated contracting states

    Kind code of ref document: A1

    Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

    17P Request for examination filed

    Effective date: 20090706

    DAX Request for extension of the european patent (to any country) (deleted)
    17Q First examination report despatched

    Effective date: 20100602

    REG Reference to a national code

    Ref country code: DE

    Ref legal event code: R079

    Ref document number: 602006047362

    Country of ref document: DE

    Free format text: PREVIOUS MAIN CLASS: H04L0029120000

    Ipc: H04L0012280000

    RIC1 Information provided on ipc code assigned before grant

    Ipc: H04L 29/12 20060101ALI20150518BHEP

    Ipc: H04L 12/28 20060101AFI20150518BHEP

    INTG Intention to grant announced

    Effective date: 20150618

    RAP1 Rights of an application transferred

    Owner name: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)

    AK Designated contracting states

    Kind code of ref document: B1

    Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

    REG Reference to a national code

    Ref country code: GB

    Ref legal event code: FG4D

    REG Reference to a national code

    Ref country code: CH

    Ref legal event code: EP

    REG Reference to a national code

    Ref country code: AT

    Ref legal event code: REF

    Ref document number: 762023

    Country of ref document: AT

    Kind code of ref document: T

    Effective date: 20151215

    REG Reference to a national code

    Ref country code: IE

    Ref legal event code: FG4D

    REG Reference to a national code

    Ref country code: DE

    Ref legal event code: R096

    Ref document number: 602006047362

    Country of ref document: DE

    REG Reference to a national code

    Ref country code: NL

    Ref legal event code: MP

    Effective date: 20160218

    REG Reference to a national code

    Ref country code: LT

    Ref legal event code: MG4D

    REG Reference to a national code

    Ref country code: AT

    Ref legal event code: MK05

    Ref document number: 762023

    Country of ref document: AT

    Kind code of ref document: T

    Effective date: 20151118

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: IT

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: ES

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: NL

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: IS

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20160318

    Ref country code: LT

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: GR

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20160219

    Ref country code: PL

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: AT

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: FI

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: SE

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: BE

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20151231

    Ref country code: PT

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20160318

    Ref country code: LV

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: CZ

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    REG Reference to a national code

    Ref country code: CH

    Ref legal event code: PL

    REG Reference to a national code

    Ref country code: DE

    Ref legal event code: R097

    Ref document number: 602006047362

    Country of ref document: DE

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: RO

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: SK

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: DK

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: EE

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    REG Reference to a national code

    Ref country code: IE

    Ref legal event code: MM4A

    REG Reference to a national code

    Ref country code: FR

    Ref legal event code: ST

    Effective date: 20160831

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: MC

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    GBPC Gb: european patent ceased through non-payment of renewal fee

    Effective date: 20160218

    26N No opposition filed

    Effective date: 20160819

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: IE

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20151212

    Ref country code: LI

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20151231

    Ref country code: CH

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20151231

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: SI

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    Ref country code: FR

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20160118

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: BE

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: GB

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20160218

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: HU

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

    Effective date: 20061212

    Ref country code: BG

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: CY

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: TR

    Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

    Effective date: 20151118

    PG25 Lapsed in a contracting state [announced from national office to epo]

    Ref country code: LU

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20151212

    PGFP Annual fee paid to national office [announced from national office to epo]

    Ref country code: DE

    Payment date: 20181231

    Year of fee payment: 13